[openssl-project] Entropy seeding the DRBG

Salz, Rich rsalz at akamai.com
Tue Apr 3 16:58:17 UTC 2018

>    Please note that that 50% extra is only used for instantiating the
    DRBG. On reseed we it only uses 256 bits.
True.  And now we're finding that VMS won't work.  And I bet there are other systems that will also find this amount excessive.
>    There is an alternative to that 50% extra, but it's not making
    sense to me.
>    The 1.1.0 version also used 256 bit.
The 1.1.0 code was pre-DRBG and was a piece of crap.  Using AES/DRBG is stronger, better, and for the normal case 128 bits is enough.

More information about the openssl-project mailing list